Update dependency backpack-core to v0.8.4 #4
Security Report
❌ New vulnerabilities:
| Vulnerability | Severity |  CVSS Score |
Vulnerable Library | Direct Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|---|
CVE-2026-23950Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> jest-21.2.1.tgz (Root Library) -> jest-cli-21.2.1.tgz -> jest-haste-map-21.2.0.tgz -> sane-2.5.2.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.19.tgz (Vulnerable Library) |
 High |
8.8 | Transitive tar-4.4.19.tgz |
jest-21.2.1.tgz | Transitive 7.5.4 |
#88 |
|
CVE-2026-24842Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> jest-21.2.1.tgz (Root Library) -> jest-cli-21.2.1.tgz -> jest-haste-map-21.2.0.tgz -> sane-2.5.2.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.19.tgz (Vulnerable Library) |
High |
8.2 | Transitive tar-4.4.19.tgz |
jest-21.2.1.tgz | Transitive 7.5.7 |
#88 |
|
CVE-2026-31802Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> jest-21.2.1.tgz (Root Library) -> jest-cli-21.2.1.tgz -> jest-haste-map-21.2.0.tgz -> sane-2.5.2.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.19.tgz (Vulnerable Library) |
High |
7.1 | Transitive tar-4.4.19.tgz |
jest-21.2.1.tgz | Transitive https://github.com/isaacs/node-tar.git - v7.5.11 |
#88 |
|
CVE-2026-29786Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> jest-21.2.1.tgz (Root Library) -> jest-cli-21.2.1.tgz -> jest-haste-map-21.2.0.tgz -> sane-2.5.2.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.19.tgz (Vulnerable Library) |
High |
7.1 | Transitive tar-4.4.19.tgz |
jest-21.2.1.tgz | Transitive https://github.com/isaacs/node-tar.git - v7.5.10 |
#88 |
|
CVE-2026-26960Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> jest-21.2.1.tgz (Root Library) -> jest-cli-21.2.1.tgz -> jest-haste-map-21.2.0.tgz -> sane-2.5.2.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.19.tgz (Vulnerable Library) |
High |
7.1 | Transitive tar-4.4.19.tgz |
jest-21.2.1.tgz | Transitive 7.5.8 |
#88 |
|
CVE-2026-23745Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> jest-21.2.1.tgz (Root Library) -> jest-cli-21.2.1.tgz -> jest-haste-map-21.2.0.tgz -> sane-2.5.2.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.19.tgz (Vulnerable Library) |
High |
7.1 | Transitive tar-4.4.19.tgz |
jest-21.2.1.tgz | Transitive https://github.com/isaacs/node-tar.git - v7.5.3 |
#88 |
|
CVE-2024-28863Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> jest-21.2.1.tgz (Root Library) -> jest-cli-21.2.1.tgz -> jest-haste-map-21.2.0.tgz -> sane-2.5.2.tgz -> fsevents-1.2.9.tgz -> node-pre-gyp-0.12.0.tgz -> ❌ tar-4.4.19.tgz (Vulnerable Library) |
 Medium |
6.5 | Transitive tar-4.4.19.tgz |
jest-21.2.1.tgz | Transitive tar - 6.2.1 |
#88 |
|
CVE-2024-43788Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.4.tgz (Root Library) -> ❌ webpack-4.47.0.tgz (Vulnerable Library) |
Medium |
6.4 | Transitive webpack-4.47.0.tgz |
backpack-core-0.8.4.tgz | Transitive 5.94.0 |
None |
|
CVE-2026-34043Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.4.tgz (Root Library) -> webpack-4.47.0.tgz -> terser-webpack-plugin-1.4.6.tgz -> ❌ serialize-javascript-4.0.0.tgz (Vulnerable Library) |
Medium |
5.9 | Transitive serialize-javascript-4.0.0.tgz |
backpack-core-0.8.4.tgz | Transitive https://github.com/yahoo/serialize-javascript.git - v7.0.5 |
None |
|
CVE-2025-14505Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.4.tgz (Root Library) -> webpack-4.47.0.tgz -> node-libs-browser-2.2.1.tgz -> crypto-browserify-3.12.1.tgz -> create-ecdh-4.0.4.tgz -> ❌ elliptic-6.6.1.tgz (Vulnerable Library) |
Medium |
5.6 | Transitive elliptic-6.6.1.tgz |
backpack-core-0.8.4.tgz | None |
|
|
CVE-2024-11831Path to dependency file: /api/package.json Path to vulnerable library: /api/package.json Dependency Hierarchy: -> backpack-core-0.8.4.tgz (Root Library) -> webpack-4.47.0.tgz -> terser-webpack-plugin-1.4.6.tgz -> ❌ serialize-javascript-4.0.0.tgz (Vulnerable Library) |
Medium |
5.4 | Transitive serialize-javascript-4.0.0.tgz |
backpack-core-0.8.4.tgz | Transitive serialize-javascript - 6.0.2 |
None |
|
✔️ Remediated vulnerabilities:
| Vulnerability | Vulnerable Library |
|---|---|
| CVE-2022-46175 | json5-1.0.1.tgz |
| CVE-2022-37599 | loader-utils-1.2.3.tgz |
| CVE-2021-27290 | ssri-6.0.1.tgz |
| CVE-2022-25858 | terser-4.0.0.tgz |
| CVE-2024-43788 | webpack-4.32.2.tgz |
| CVE-2022-46175 | json5-2.1.0.tgz |
| CVE-2022-37603 | loader-utils-1.2.3.tgz |
| CVE-2022-37601 | loader-utils-1.2.3.tgz |
| CVE-2022-25883 | semver-6.1.1.tgz |
Base branch total remaining vulnerabilities: 295
Base branch commit: 5bd40f7bbba8f9464168ea235192b84b5c8856f3
Total libraries scanned: 2075
Scan token: b1c53ae3a7b44a28aef1d924bd23aa69